From the example I gave in #40:
[W]ith Rijndael-128, it's very important that the key be 128 bits of random data. If you were to generate a 16-character key by, say, truncating the results of a hash function like MD5, it would seem to fit that requirement. However, the keyspace would actually be reduced by a factor of 2^64. Using drupal_random_bytes(16)—or whatever the D8 replacement is—truly does produce 128 bits of random data, but it's not readable. Thus the need to base64-encode it, if you want it to be readable. But then Key needs to know to base64-decode it when retrieving it.
From the example I gave in #40: